Hacker group floods dark web with data stolen from 11 companies

A hacking group has started to flood a dark web hacking marketplace with databases containing a combined total of 73.2 million user records over 11 different companies.

For the past week, a hacking group known as Shiny Hunters has been busy selling a steady stream of user databases from alleged data breaches.

It started last weekend with Tokopedia, Indonesia’s largest online store, where a database of over 90 million user records was being sold.

Soon after, Shiny Hunters began selling a database of 22 million user records for Unacademy, one of India’s largest online learning platforms. After being contacted by BleepingComputer, the company released a statement that their company was breached.

On Wednesday, Shiny Hunters continued their rampage by claiming to hack into Microsoft’s GitHub account earlier this year and leaking files from the company’s private source code repositories.

Microsoft GitHub account breach
Microsoft GitHub account breach

While Microsoft has not officially admitted that their GitHub account was breached, sources have told BleepingComputer that the shared data was indeed private repositories only accessible to Microsoft employees.

Now selling user records from 11 data breaches

Earlier this week, BleepingComputer was told by cyber intelligence firm ZeroFox that Shiny Hunters had begun selling databases for the meal kit delivery service HomeChef, photo print service ChatBooks, and Chronicle.com, a news source for higher education.

Chatbooks breach

With the three databases combined, there are a total of 26 million accounts being sold with prices for each database ranging between $1,500 and $2,500.

Soon after reporting on these breaches, ChatBooks started sending data breach notifications to their users.

Last night, cyber intelligence firm Cyble told BleepingComputer that Shiny Hunters had started to “flood the market” with new data breaches from other companies, bringing the total amount of user databases being sold to 11.

Company User Records Price
Tokopedia 91 million $5,000
Homechef 8 million $2,500
Bhinneka 1.2 million $1,200
Minted 5 million $2,500
Styleshare 6 million $2,700
Ggumim 2 million $1,300
Mindful 2 million $1,300
StarTribune 1 million $1,100
ChatBooks 15 million $3,500
The Chronicle Of Higher Education 3 million $1,500
Zoosk 30 million $500

From samples of user records seen by BleepingComputer, the data breaches look legitimate, but they have not been 100% confirmed.

Sample user database being sold
Sample user database being sold

After being told about the new databases being sold, BleepingComputer had contacted the affected companies but has not heard back yet.

To be safe, if you have an account at any of the sites listed above, it is strongly suggested that you change your password to a strong and unique one used only at that site.

If the same password has been used at other sites, change your password to a unique one there as well.


Next Post

Lethal levels of heat and humidity are gripping global ‘hot spots’ sooner than expected | Science

Sun May 10 , 2020
Amritsar, India, is one place that has reeled under higher than normal heat and humidity. Munish Byala/Hindustan Times via Getty Images By Warren CornwallMay. 8, 2020 , 2:40 PM From the shores of the Persian Gulf to the foothills of Mexico’s Sierra Madre Occidental mountains, hot weather is reaching levels […]